Cybersecurity Wiretap #3: From HijackLoader Updates to SocGholish focusing on zEus & TunnelVision (week of 05/06/2024)

Welcome to the weekly digest about cybersecurity and threats in the wild. Below you will find a very subjective summary of cybersecurity events from the prior week.

HijackLoader Updates by @Threatlabz

  • decrypts & parses PNG image to load next stage
  • has additional features like dynamic API resolution, blocklist process checking, and user mode hook evasion using Heaven’s Gate

CVE-2024-3661, a.k.a. TunnelVision, Exposes a VPN Bypass Vulnerability by @Threatlabz

  • bypasses VPN encapsulation and enables attackers to send traffic outside a VPN tunnel using the built-in features of DHCP

Dissecting REMCOS RAT: An in-depth analysis of a widespread 2024 malware, P4 by @elasticseclabs

  • in-depth analysis of v4.9.3 that offers critical insights that can significantly aid the malware research community

zEus Stealer Distributed via Crafted Minecraft Source Pack by #FORTIGUARD LABS

  • relatively simple attack flow, but collects a wide variety of information that provides data for the next attack and contributes to social engineering

SocGholish Sets Sights on Victim Peers by @esthreat

  • used living-off-the-land techniques to collect sensitive credentials, and configured web beacons in email signatures and network shares to map out local and B2B relationships

FIN7 Uses Trusted Brands and Sponsored Google Ads to Distribute MSIX Payloads by @esthreat

  • threat actors used malicious websites to impersonate brands like AnyDesk, WinSCP, BlackRock, Asana, Concur, The Wall Street Journal, Workable, and Google Meet

Thanks a lot for reading.
